strongswan.git
Martin Willi [Tue, 22 Nov 2011 14:24:24 +0000 (15:24 +0100)]
Install negotiated IKEv1 CHILD_SA negotiated in quick mode

Martin Willi [Tue, 22 Nov 2011 13:58:17 +0000 (14:58 +0100)]
Implemented IKEv1 keymat CHILD_SA key derivation function

Martin Willi [Tue, 22 Nov 2011 13:54:50 +0000 (14:54 +0100)]
Moved keymat key length lookup functions to keymat.c

Martin Willi [Tue, 22 Nov 2011 13:38:43 +0000 (14:38 +0100)]
Extended PRF+ by a non-counting variant as used by IKEv1

Martin Willi [Tue, 22 Nov 2011 11:37:08 +0000 (12:37 +0100)]
Hardcode some SA lifetimes until we can configure them dynamically

Tobias Brunner [Tue, 22 Nov 2011 08:46:31 +0000 (09:46 +0100)]
Added missing comma after ME_CONNECT declaration.

Tobias Brunner [Tue, 22 Nov 2011 08:44:09 +0000 (09:44 +0100)]
Fixed creation of endpoint notifies.

Tobias Brunner [Tue, 22 Nov 2011 08:41:58 +0000 (09:41 +0100)]
Fixed diagram of IKEv1 encrypted "payload".

Martin Willi [Tue, 22 Nov 2011 08:32:30 +0000 (09:32 +0100)]
Refactored main mode NONCE/KE payload processing

Martin Willi [Tue, 22 Nov 2011 08:14:57 +0000 (09:14 +0100)]
Refactored main mode HASH payload processing

Martin Willi [Tue, 22 Nov 2011 07:56:01 +0000 (08:56 +0100)]
Skip any payloads in front of SA to extract initiator's SA bytes

Martin Willi [Mon, 21 Nov 2011 16:56:39 +0000 (17:56 +0100)]
Implemented quick mode protocol handling, no CHILD_SA or HASH payloads yet

Martin Willi [Mon, 21 Nov 2011 16:40:42 +0000 (17:40 +0100)]
Partially implemented IKEv1 ESP proposal en-/decoding

Martin Willi [Mon, 21 Nov 2011 16:32:19 +0000 (17:32 +0100)]
Add missing keymat cast to avoid compiler warning

Martin Willi [Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)]
Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor

Martin Willi [Mon, 21 Nov 2011 16:16:39 +0000 (17:16 +0100)]
Create and verify PSK HASH payloads in IKEv1 main mode

Martin Willi [Mon, 21 Nov 2011 15:41:48 +0000 (16:41 +0100)]
Added keymat_v1_t.get_hash() to calculate authentication hashes

Martin Willi [Mon, 21 Nov 2011 15:41:16 +0000 (16:41 +0100)]
Register HASH_V1 in payload factory

Martin Willi [Mon, 21 Nov 2011 13:36:05 +0000 (14:36 +0100)]
Derive IKE keys as IKEv1 initiator, too

Martin Willi [Mon, 21 Nov 2011 12:43:48 +0000 (13:43 +0100)]
Fix payload length of id_payload created from a traffic selector

Tobias Brunner [Mon, 21 Nov 2011 14:18:40 +0000 (15:18 +0100)]
String for ENCRYPTED_DATA fixed.

Tobias Brunner [Mon, 21 Nov 2011 14:16:51 +0000 (15:16 +0100)]
Strings for ENCRYPTED_V1 payload added.

Tobias Brunner [Mon, 21 Nov 2011 12:26:27 +0000 (13:26 +0100)]
Set flags on message according to IKE version when parsing header.

Tobias Brunner [Mon, 21 Nov 2011 12:24:17 +0000 (13:24 +0100)]
Encrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:19:19 +0000 (13:19 +0100)]
Decrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:11:16 +0000 (13:11 +0100)]
Added IV generation to keymat_v1_t.

Tobias Brunner [Mon, 21 Nov 2011 10:53:23 +0000 (11:53 +0100)]
Use modified encryption payload to encrypt/decrypt complete IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:46:18 +0000 (11:46 +0100)]
Use key derivation in IKEv1 main mode (PSK authentication).

Tobias Brunner [Mon, 21 Nov 2011 10:43:43 +0000 (11:43 +0100)]
Added a simple AEAD wrapper for IKEv1 encryption/decryption.

Tobias Brunner [Mon, 21 Nov 2011 10:41:37 +0000 (11:41 +0100)]
Added IKEv1 key derivation with support for AUTH_CLASS_PSK.

Tobias Brunner [Mon, 21 Nov 2011 10:24:38 +0000 (11:24 +0100)]
Update cached hosts on ike_sa_t when processing IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:18:08 +0000 (11:18 +0100)]
Provide keymat_t to message_t to encrypt/decrypt data.

Tobias Brunner [Mon, 21 Nov 2011 10:05:43 +0000 (11:05 +0100)]
Avoid compiler warnings due to extended enums.

Tobias Brunner [Fri, 18 Nov 2011 09:56:48 +0000 (10:56 +0100)]
Moved version specific keymat functions to specific interfaces.

Martin Willi [Mon, 21 Nov 2011 11:18:24 +0000 (12:18 +0100)]
Added a generic TASK_ prefix to all task types

Martin Willi [Mon, 21 Nov 2011 10:56:58 +0000 (11:56 +0100)]
Initiate and respond to quick mode task (stub)

Martin Willi [Mon, 21 Nov 2011 10:54:29 +0000 (11:54 +0100)]
Print message ID as unsigned integer

Martin Willi [Mon, 21 Nov 2011 10:51:16 +0000 (11:51 +0100)]
Added message encoding rules for quick mode

Martin Willi [Mon, 21 Nov 2011 10:42:53 +0000 (11:42 +0100)]
Fixed reference counting bugs in main mode

Martin Willi [Mon, 21 Nov 2011 10:21:21 +0000 (11:21 +0100)]
Implemented basic message id handling for IKEv1

Martin Willi [Mon, 21 Nov 2011 10:20:34 +0000 (11:20 +0100)]
Added a quick mode task stub

Martin Willi [Mon, 21 Nov 2011 09:22:50 +0000 (10:22 +0100)]
Fixed length calculation of delete payload

Martin Willi [Mon, 21 Nov 2011 09:10:48 +0000 (10:10 +0100)]
Update header length after each parsed rule, as it might change when parsing SPI size

Martin Willi [Mon, 21 Nov 2011 09:10:29 +0000 (10:10 +0100)]
Fix rule selection in transform substructure

Martin Willi [Mon, 21 Nov 2011 08:10:50 +0000 (09:10 +0100)]
Fixed proposal numbering check in sa_payload

Martin Willi [Fri, 18 Nov 2011 16:49:53 +0000 (17:49 +0100)]
Don't clone chunk in message.get_packet_data

Martin Willi [Fri, 18 Nov 2011 16:14:36 +0000 (17:14 +0100)]
Verify IKEv1 nonce size, send 32 byte nonces

Martin Willi [Fri, 18 Nov 2011 15:12:15 +0000 (16:12 +0100)]
Partially implemented third main mode exchange (identities)

Martin Willi [Fri, 18 Nov 2011 13:31:13 +0000 (14:31 +0100)]
Added IKEv1 ID payload <-> traffic selector conversion functions

Martin Willi [Fri, 18 Nov 2011 13:30:15 +0000 (14:30 +0100)]
ts.get_subnet() returns TRUE if the selector actually is a subnet

Martin Willi [Fri, 18 Nov 2011 09:56:02 +0000 (10:56 +0100)]
Implemented first two exchanges of Main Mode as initiator

Martin Willi [Fri, 18 Nov 2011 09:55:23 +0000 (10:55 +0100)]
Added enum name for MAIN_MODE task

Martin Willi [Fri, 18 Nov 2011 09:08:18 +0000 (10:08 +0100)]
Do not ignore configs for IKEv1 in charon anymore

Martin Willi [Fri, 18 Nov 2011 08:50:22 +0000 (09:50 +0100)]
Added missing task manager factory declaration

Martin Willi [Fri, 18 Nov 2011 08:16:54 +0000 (09:16 +0100)]
Re-enable static inclusion of PSK auth method into IKEv1 proposal

Martin Willi [Thu, 17 Nov 2011 17:14:51 +0000 (18:14 +0100)]
Added IKEv1 support to delete payload

Martin Willi [Thu, 17 Nov 2011 17:01:41 +0000 (18:01 +0100)]
Added IKEv1 support to notify payload

Tobias Brunner [Thu, 17 Nov 2011 16:06:14 +0000 (17:06 +0100)]
Memory leak fixed.

Tobias Brunner [Thu, 17 Nov 2011 15:54:25 +0000 (16:54 +0100)]
Added factory function to create task_manager_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:45:14 +0000 (16:45 +0100)]
Added factory function to create keymat_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:26:52 +0000 (16:26 +0100)]
Store IKE version of an SA on ike_sa_t.

Tobias Brunner [Thu, 17 Nov 2011 15:22:34 +0000 (16:22 +0100)]
Added stub for IKEv1 keymat_t implementation.

Tobias Brunner [Thu, 17 Nov 2011 15:19:47 +0000 (16:19 +0100)]
Use keymat_t as common interface, renamed current implementation to _v2.

Martin Willi [Thu, 17 Nov 2011 14:44:42 +0000 (15:44 +0100)]
Use a generic list encoding rule we can use to specify the wrapped payload type

Martin Willi [Thu, 17 Nov 2011 14:20:16 +0000 (14:20 +0000)]
Use a generic encoding type for all variable length chunks

Martin Willi [Thu, 17 Nov 2011 14:00:04 +0000 (15:00 +0100)]
Implemented IKEv1 hash payload

Martin Willi [Thu, 17 Nov 2011 13:46:02 +0000 (13:46 +0000)]
Extended ID payload for (non-TS) IKEv1 use

Martin Willi [Thu, 17 Nov 2011 12:47:08 +0000 (13:47 +0100)]
Implement second exchange in IKEv1 main mode

Martin Willi [Thu, 17 Nov 2011 11:27:46 +0000 (11:27 +0000)]
Add a payload.get_header_length() method, remove header length definitions

Martin Willi [Thu, 17 Nov 2011 10:27:55 +0000 (11:27 +0100)]
Simplify signature of get_encoding_rules(), make all rules static

Martin Willi [Thu, 17 Nov 2011 10:16:02 +0000 (11:16 +0100)]
Extended KE payload for IKEv1 support

Martin Willi [Thu, 17 Nov 2011 09:53:35 +0000 (10:53 +0100)]
Extended nonce payload for IKEv1 support

Martin Willi [Thu, 17 Nov 2011 09:45:41 +0000 (10:45 +0100)]
Add fixed PSK authentication method to IKEv1 proposal for now

Martin Willi [Wed, 16 Nov 2011 17:24:47 +0000 (18:24 +0100)]
Handle first exchange in IKEv1 main mode as responder

Martin Willi [Wed, 16 Nov 2011 17:24:14 +0000 (18:24 +0100)]
Added limiting encoding of IKEv1 SA payloads

Martin Willi [Wed, 16 Nov 2011 17:23:37 +0000 (18:23 +0100)]
Added SA payload IKEv1 encoding types to generator

Martin Willi [Wed, 16 Nov 2011 17:23:00 +0000 (18:23 +0100)]
Don't set IKEv2 only header flags when using IKEv1

Martin Willi [Wed, 16 Nov 2011 15:09:02 +0000 (15:09 +0000)]
Set default IKE header initiator flag in IKEv2 only

Martin Willi [Wed, 16 Nov 2011 14:44:06 +0000 (14:44 +0000)]
Added an IKEv1 main mode task stub

Martin Willi [Wed, 16 Nov 2011 14:27:04 +0000 (15:27 +0100)]
Added a stub for an IKEv1 task manager

Martin Willi [Wed, 16 Nov 2011 13:53:54 +0000 (13:53 +0000)]
Use task manager as generic interface, renamed implementation to _v2.

Martin Willi [Wed, 16 Nov 2011 13:45:19 +0000 (13:45 +0000)]
Fix unaligned aliasing warning in raw socket

Tobias Brunner [Wed, 16 Nov 2011 16:28:06 +0000 (17:28 +0100)]
Use enum to define IKE version on peer_cfg_t.

Replaced all those magic numbers.

Tobias Brunner [Wed, 16 Nov 2011 15:19:13 +0000 (16:19 +0100)]
Fix init message arrival check.

Tobias Brunner [Wed, 16 Nov 2011 14:05:08 +0000 (15:05 +0100)]
Compile error fixed.

Tobias Brunner [Wed, 16 Nov 2011 13:23:50 +0000 (14:23 +0100)]
Message parsing slightly refactored, allows parsing of unencrypted IKEv1 messages.

Tobias Brunner [Wed, 16 Nov 2011 11:06:55 +0000 (12:06 +0100)]
Allow creation of message_t objects for IKEv1 packets.

Tobias Brunner [Wed, 16 Nov 2011 09:31:53 +0000 (10:31 +0100)]
Certificate request payloads can be sent in pretty much any IKEv1 message.

Martin Willi [Wed, 16 Nov 2011 12:46:54 +0000 (13:46 +0100)]
Implemented limited payload parsing for IKEv1 SA payloads

Martin Willi [Wed, 16 Nov 2011 12:40:09 +0000 (12:40 +0000)]
Added additional IKEv1 payload and encoding identifiers

Martin Willi [Wed, 16 Nov 2011 08:29:38 +0000 (09:29 +0100)]
Extend sa_payload for IKEv1 support

Tobias Brunner [Tue, 15 Nov 2011 17:23:15 +0000 (18:23 +0100)]
Message rules for IKEv1 INFORMATIONAL exchange added.

Since INFORMATIONAL "exchanges" are actually unidirectionally sent
messages, we don't have any responder rules.

Tobias Brunner [Tue, 15 Nov 2011 17:21:28 +0000 (18:21 +0100)]
Message rules for IKEv1 AGGRESSIVE exchange added.

These are basically the same as for ID_PROT but no payloads are expected
to be encrypted (at least if using PSK or signatures for authentication).

Tobias Brunner [Tue, 15 Nov 2011 15:13:50 +0000 (16:13 +0100)]
Message rules for IKEv1 ID_PROT exchange added.

These rules are quite broad and cover main mode with at least PSK and
signature based authentication.

Tobias Brunner [Tue, 15 Nov 2011 13:27:19 +0000 (14:27 +0100)]
Typo fixed.

Martin Willi [Tue, 15 Nov 2011 14:58:47 +0000 (14:58 +0000)]
Use vendor id payload for IKEv1 payloads, too

Martin Willi [Tue, 15 Nov 2011 14:58:23 +0000 (14:58 +0000)]
Added IKEv1 payload identifiers to "known" payload list

Martin Willi [Tue, 15 Nov 2011 14:30:39 +0000 (15:30 +0100)]
Handle IKEv1 messages in manager's checkout_by_message

Martin Willi [Tue, 15 Nov 2011 13:47:20 +0000 (14:47 +0100)]
Added IKEv1 payload identifiers

Martin Willi [Tue, 15 Nov 2011 13:03:24 +0000 (14:03 +0100)]
Accept and process IKEv1 messages in receiver